Overview

overview

10

Static

static

649982bca8...87.exe

windows7-x64

10

649982bca8...87.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2022 05:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe

  • Size

    830KB

  • MD5

    eb5fcfda27dd7dba6489e9235cb0ebb3

  • SHA1

    214d444e61f2ce14eda1d8eb8d6cc46649e67f36

  • SHA256

    649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87

  • SHA512

    0c03ec4898e15e6d8002477433620feb5f2ecf6f98614691c92f81c81922707b7589523c0b172854fa0bd3f47680b4219c18f04fc26a06ff529c77bcf276a172

  • SSDEEP

    12288:MMN7mUCD1sJ86iVAClceomYDjPVnsOUErboVyj4Q/:z7mTWgVPl9ofDe0HPjj

Score
10/10
raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53stealer

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

5eaa41b3101d5537f786a35da1878f0d1d760e53

Attributes
  • url4cnc

    https://telete.in/jbitchsucks

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer payload 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe
    "C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe
      "C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe"
      2⤵
        PID:4872
      • C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe
        "C:\Users\Admin\AppData\Local\Temp\649982bca8732a94d5f1e9cc3d87045e3aff04687080036bed0ba298e7957e87.exe"
        2⤵
          PID:1300

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1300-139-0x0000000000000000-mapping.dmp
        Download
      • memory/1300-140-0x0000000000400000-0x0000000000493000-memory.dmp
        Filesize

        588KB

        Download
      • memory/1300-141-0x0000000000400000-0x0000000000493000-memory.dmp
        Filesize

        588KB

        Download
      • memory/1300-142-0x0000000000400000-0x0000000000493000-memory.dmp
        Filesize

        588KB

        Download
      • memory/1300-143-0x0000000000400000-0x0000000000493000-memory.dmp
        Filesize

        588KB

        Download
      • memory/1904-132-0x0000000000250000-0x0000000000326000-memory.dmp
        Filesize

        856KB

        Download
      • memory/1904-133-0x0000000005270000-0x0000000005814000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/1904-134-0x0000000004D60000-0x0000000004DF2000-memory.dmp
        Filesize

        584KB

        Download
      • memory/1904-135-0x0000000004CF0000-0x0000000004CFA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1904-136-0x0000000007530000-0x00000000075A6000-memory.dmp
        Filesize

        472KB

        Download
      • memory/1904-137-0x0000000007500000-0x000000000751E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/4872-138-0x0000000000000000-mapping.dmp
        Download